A man arrested by UK police for engaging in terrorist activities has been charged with publishing his blog using the HTTPS protocol. Samata Ullah, 33, from Cardiff, was arrested and charged with six terrorism offences related to his blog, which purportedly contained instructions on how to use guided missiles and disguise USB drives as cufflinks, designed to aid ISIS operatives, with “the intention of assisting another or others to commit acts of terrorism.”
One curious charge levelled against Ullah, though, is “developing an encrypted version of a blog,” which can only refer to his use of HTTPS to publish his site. HTTPS is a secure internet protocol which is increasing in popularity online since it protects internet users from eavesdropping or tampering. Using HTTPS to publish a website is considered best practice, and most social media sites, including Twitter and Facebook, use it.
Internet encryption is not illegal in the UK – not yet, anyway, and it is already illegal to withhold encryption keys from police – so it is strange, to say the least, to see it (and hiding USB drives in cufflinks, which, again, doesn’t appear to be a crime in of itself) attached to charges of terrorism. While Ullah may well be guilty of encouraging terrorist activities, the fact that these secondary, seemingly innocuous charges regarding encryption and concealed storage devices is worrying, and could be seen as a test case to scrutinise their legality in the interest of public safety.
Marks and Spencer sell 8GB USB Cufflinks, they were on sale recently for about a fiver a pair.
Are M&S aiding terrorism by selling these? Of course not.
I wonder what platform the so-called terrorist’s blog was on? I guess a HTTPS-enabled one. Again, if it’s not used for restricting access by securing credentials, then it’s not exactly secured against reading. But I don’t know the details.
Sadly the police and the CPS are pretty stupid overall, but also very sneaky in trying this route to outlaw HTTPS by association with terrorism.